Blind TCP Hijacking

Hi all, I was reading this:
www.phrack.com/issues.html?issue=64&id=13&mode=txt
and it's a good way to learn in depth how TCP works, and although making a basic tool to discover sequences and ports wouldn't be such a pain, there are some problems shown in this article that may be solved by using more evolved algorithms, like being aware of user traffic by making stats to discover IP_ID ...
I wonder if some of you know some tools to hijack TCP sessions.

Well, I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests. It is still in the preliminary stages and works on broadcast networks (wifi targeted). It can be downloaded from here: rcx.sourceforge.net

I know the program is pretty shitty at the moment, and if anybody wants to help me improve it, they can join the project.

Well, I wrote a small program which calculates the correct sequence number, builds packets from scratch and responds to requests

Kevin famously did something exactly like this to mess with the dumbass who "caught" him - and TCP was modified to deal with the attack.

Nowadays, predicting TCP sequence numbers blind is problematic at best, albeit it is possible to fake the entire handshake completely blind, and if you are in a position to do so, it is far easier to MiTM the connection, or introduce tcp-breaks (look into injecting commands into telnet streams).

Datenterrorist has a good write up, TCP Hijacking tools in Perl or something like that, which is quite useful.

Still not underestimating the power...

There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
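Added example, not code from the thread or the rcx project: the reply above says blind prediction became "problematic at best" because stacks now randomise Initial Sequence Numbers per connection (RFC 6528). This script is a defender-side audit that classifies a series of ISNs sampled from one of your own hosts as constant, linear (guessable from a few samples) or random. The ISN samples and the tolerance value are constructed assumptions.

```python
"""Audit whether a host's TCP ISNs are predictable (added example).

Blind sequence-number attacks depend on a target whose ISNs can be
extrapolated from a handful of observed handshakes.  Classic stacks used
a constant or a fixed per-connection increment; RFC 6528 stacks draw a
per-connection random offset, so consecutive deltas spread across the
whole 32-bit space.  Feed this the ISNs from the SYN-ACKs your own host
sent (e.g. read out of a packet capture) to check which regime it is in.
"""

ISN_MODULO = 1 << 32  # ISNs are unsigned 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2^32."""
    return [(b - a) % ISN_MODULO for a, b in zip(isns, isns[1:])]


def classify_isns(isns, tolerance=1024):
    """Return 'constant', 'linear' or 'random' for a sequence of ISNs.

    'constant' - every ISN is identical.
    'linear'   - consecutive deltas all lie within `tolerance` of each
                 other, so the next ISN is guessable from the last few.
    'random'   - deltas are spread far apart (expected for RFC 6528).
    `tolerance` is an assumed threshold, not a standard value.
    """
    if len(isns) < 3:
        raise ValueError("need at least three ISN samples")
    deltas = isn_deltas(isns)
    if all(d == 0 for d in deltas):
        return "constant"
    spread = max(deltas) - min(deltas)
    return "linear" if spread <= tolerance else "random"


# Constructed samples (not captured from any real host):
# a stack stepping ~64000 per connection with a little jitter ...
CONSTRUCTED_LINEAR = [268435456, 268499456, 268563466,
                      268627456, 268691461, 268755461]
# ... and a stack drawing a random ISN per connection.
CONSTRUCTED_RANDOM = [0x1A2B3C4D, 0x9F8E7D6C, 0x00123456,
                      0xDEADBEEF, 0x7FFFFFFF]

if __name__ == "__main__":
    for name, sample in (("linear", CONSTRUCTED_LINEAR),
                         ("random", CONSTRUCTED_RANDOM)):
        print(f"{name} sample -> {classify_isns(sample)}")
```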